Executive Briefing October 24, 2017

SPECIAL COVERAGE: WARRANTS CASE

Last Monday, the Supreme Court granted Cert to hear the Microsoft v. DoJ case involving cloud privacy. The issue at hand is whether U.S. federal or state law enforcement can use traditional search warrants to seize emails of citizens of foreign countries that are located in data centers outside the United States. The current law that this is based on is 31 years old. Microsoft has prevailed in the lower courts. The Supreme Court is expected to hear oral arguments in February and rule sometime in late spring/early summer.

Microsoft had urged the court to stay out of the case and instead allow Congress to make needed changes to bring the 1986 Stored Communications Act up to date. Bipartisan bills have been introduced in both the Senate and House of Representatives. Microsoft said the high court’s intervention would “short-circuit” the congressional effort. “The current laws were written for the era of the floppy disk, not the world of the cloud. We believe that rather than arguing over an old law in court, it is time for Congress to act by passing new legislation,” Microsoft president and chief legal officer Brad Smith wrote on the company’s blog after the court acted.

The Supreme Court on Monday accepted a second important case on digital privacy, agreeing to hear a dispute between the federal government and Microsoft about emails stored overseas. The case began in 2013, when U.S. prosecutors got a warrant to access emails in a drug trafficking investigation. The data was stored on Microsoft servers in Ireland. Microsoft turned over information it had stored domestically but contended U.S. law enforcement couldn’t seize evidence held in another country. It said if forced to do so, it would lead to claims from other countries about data stored here.

WASHINGTON — The Supreme Court on Monday agreed to decide whether federal prosecutors can force technology companies to turn over data stored outside the United States. Disputes between leading technology companies and the Justice Department have become increasingly common, and the new case will give the Supreme Court an opportunity to weigh in on the clash between the demands of law enforcement and the companies’ desire to shield the information they collect to protect their customers’ privacy. The case, United States v. Microsoft, No. 17-2, arose from a federal drug investigation. Prosecutors sought the emails of a suspect that were stored in a Microsoft data center in Dublin. They said they were entitled to the emails because Microsoft is based in the United States.

Monday, the Supreme Court agreed to hear the case this term. Its decision — which will come after two lower courts sided with the government and the Second Circuit reversed — will determine the extent to which United States law enforcement can access data held abroad. Microsoft will argue that the data is outside domestic law enforcement’s direct reach. The government will make the case that its warrant authority covers data held anywhere, so long as it can be accessed by a company operating from within the United States.

Microsoft may have won its fight to protect overseas data from American search warrants, but it can’t rest easy. The Supreme Court has agreed to hear the Department of Justice’s petition to review the case, virtually guaranteeing that the case will set the basis for how US law enforcement can access data abroad. We don’t have a court date as of this writing, but the arguments on both sides are already well-established. A New York district court and the DOJ contend that companies, not users, own data stored abroad — in this case, email held in an Irish data center. As such, any warrant targeting an American company would be considered a domestic request and wouldn’t have to face extra scrutiny.

HILL UPDATE

A new proposed bill could make it legal for companies to retaliate against hackers. Dubbed the “hack back” bill, it was introduced last week to allow businesses to hack the hackers who’ve infiltrated their computer networks. Called the Active Cyber Defense Certainty (ACDC) Act, it amends the Computer Fraud and Abuse Act anti-hacking law so a company can take active defensive measures to access an attacker’s computer or network to identify the hackers, as well as find and destroy stolen information. It was introduced by two U.S. Representatives, Tom Graves, a Georgia Republican, and Kyrsten Sinema, an Arizona Democrat.

But the tech industry, which has worked to thwart previous efforts to mandate such disclosure, is mobilizing an army of lobbyists and lawyers — including a senior adviser to Hillary Clinton’s campaign — to help shape proposed regulations. Long before the 2016 election, the adviser, Marc E. Elias, helped Facebook and Google request exemptions from the Federal Election Commission to existing disclosure rules, arguing that ads on the respective platforms were too small to fit disclaimers listing their sponsors. Now Mr. Elias’s high-powered Democratic election law firm, Perkins Coie, is helping the companies navigate legal and regulatory issues arising from scrutiny of the Russian-linked ads, which critics say might have been flagged by the disclaimers. In a two-front war, tech companies are targeting an election commission rule-making process that was restarted last month and a legislative effort in the Senate.

ARTICLE SUMMARY

Microsoft and the Green Bay Packers football team announced that each organization will be investing $5 million, doled out over the course of the next five years, to fund the creation of an accelerator, an early-stage VC fund, and a business development lab in Green Bay, Wisconsin. The building, called Titletown Tech, is tentatively scheduled to open next fall, and will be housed in Titletown District, an approximately 45-acre business and recreational development west of Lambeau Field that’s largely been funded by the Green Bay Packers. The investment comes as part of Microsoft’s TechSpark initiative, a civic program the tech giant quietly announced earlier this month in a blog post. The program will initially focus on communities in six states: North Dakota, Wisconsin, Virginia, Texas, Wyoming, and Washington. TechSpark has five areas of focus: providing digital transformation initiatives for more advanced companies, digital skills and computer science education initiatives, apprenticeship-type programs at community colleges, rural broadband deployment, and offering technology and financial support for local nonprofits in each of the TechSpark communities.

SILICON VALLEY OLIGARCHS have plenty of reason to lose sleep these days, but the looming prospect of Nov. 1 has to be high on the list. That’s the day that executives from Google, Facebook, and Twitter are scheduled to testify in back-to-back hearings before Senate and House committees investigating Russian interference in the 2016 election. “The nightmare scenario is Mark Zuckerberg, Larry Page, Eric Schmidt, and Sheryl Sandberg standing at a congressional table with their hands raised in the air like the tobacco people,” says Jonathan Taplin, director emeritus of the Annenberg Innovation Lab at USC, referring to the 1994 televised hearing where tobacco executives testified that cigarettes are not addictive.

If Amazon fulfills its plan to add 50,000 jobs and 8 million square feet of office space in another city, it will amount to the largest corporate move in decades, although the company plans to maintain its current Seattle headquarters. Some governors and mayors have already begun floating subsidies of as much as $7 billion while others have filmed online videos or launched marketing campaigns aligned with their bids. On the day bids were due, Oct. 19, buildings around New York City were lit orange to match the company’s logo. The next step is for Amazon’s real estate team to sort through the bids and decide which proposals to consider more closely. It plans to make a decision early next year. However, urban policy analysts have warned that jurisdictions ought to tread lightly when offering single corporations large subsidies, arguing that investing in workforce, education and transportation tends to be a better bet for economic growth. To accommodate the company’s growth in Seattle, taxpayers funded hundreds of millions of dollars in improvements, although Amazon directly contributed $30 billion to the local economy.

The Trump administration is already developing a pattern of being long on oratory but short on tangible action, and, sad to say, the President’s cybersecurity Executive Order is following the script. No matter, it seems, that massive and increasing cyberattacks domestically and internationally are shredding confidence in the ability of major institutions to protect sensitive, typically consumer-centric data.

(Reuters) – A Native American tribe sued Amazon.com Inc and Microsoft Corp in federal court in Virginia on Wednesday for infringing supercomputer patents it is holding for a technology firm. The Saint Regis Mohawk Tribe was assigned the patents by SRC Labs LLC in August, in a deal intended to use the tribe’s sovereign status to shield them from administrative review. SRC is also a plaintiff in the case. Microsoft and Amazon did not immediately return requests for comment.

LONDON – Silicon Valley is a uniquely American creation, the product of an entrepreneurial spirit and no-holds-barred capitalism that now drives many aspects of modern life. But the likes of Facebook (FB), Google (GOOG) and Apple (AAPL) are increasingly facing an uncomfortable truth: it’s Europe’s culture of tougher oversight of companies, not America’s laissez-faire attitude, that could soon rule their industry as governments seek to combat fake news and prevent extremists from using the internet to fan the flames of hatred.

Over the last two decades, there has been serious pushback from the developing world against the current IP regime. In large part, this is because wealthy countries have sought to impose a one-size-fits-all model on the world, by influencing the rule-making process at the World Trade Organization (WTO) and forcing their will via trade agreements. The IP standards advanced countries favour typically are designed not to maximise innovation and scientific progress, but to maximise the profits of big pharmaceutical companies and others able to sway trade negotiations. No surprise, then, that large developing countries with substantial industrial bases – such as South Africa, India and Brazil – are leading the counterattack.

When North Korean hackers tried to steal $1 billion from the New York Federal Reserve last year, only a spelling error stopped them. They were digitally looting an account of the Bangladesh Central Bank, when bankers grew suspicious about a withdrawal request that had misspelled “foundation” as “fandation.” Even so, Kim Jong-un’s minions still got away with $81 million in that heist. Then only sheer luck enabled a 22-year-old British hacker to defuse the biggest North Korean cyberattack to date, a ransomware attack last May that failed to generate much cash but brought down hundreds of thousands of computers across dozens of countries — and briefly crippled Britain’s National Health Service.

Senator Ted Cruz, who just last year expressed his support for a governmental backdoor into the iPhone, is absolutely outraged that Apple would restrict the freedom and privacy of Chinese citizens by removing VPN apps from its App Store in China. And he’s sent a strongly worded letter to Apple CEO Tim Cook demanding answers.

This week, a bipartisan group of US senators took the first steps toward regulating online political advertising in a manner similar to the way the government already regulates these ads in traditional media. Democratic Sens. Amy Klobuchar (MN) and Mark Warner (VA), joined by Republican Sen. John McCain (AZ), say their Honest Ads Act will protect against foreign interference in elections by requiring platforms like Facebook to make details about ads’ buyers, pricing, and targeting publicly available.

A bill proposed this week by a group of US senators would require social media companies to disclose more details about online political advertisements, currently almost entirely unregulated in the country. Facebook in particular is under fire for hosting fake accounts and running ads placed by Russian operatives that may have swayed the 2016 presidential election. There are many bureaucratic hurdles to overcome in passing laws to rein in globe-spanning tech giants, which spend big to lobby against changes. The lesson from recent history is that if regulators want tech firms to change their ways, they should treat them like banks.

THINK TANK/TECH TRADE ASSOCIATION HIGHLIGHTS

BSA | The Software Alliance

Statement on EU-US Privacy Shield annual review: BSA’sDirector General, Policy – EMEA Thomas Boué stated, “We congratulate the European Commission and the US government on their work in the lead up to the Privacy Shield’s annual review…Privacy Shield is a living mechanism and we encourage both sides to continue their fruitful cooperation in the months and years to come so as to ensure the continuation of EU-US data flows, which underpins the economy on both sides of the Atlantic.” (BSA STATEMENT – BSA Welcomes Commission’s Balanced Report on EU-US Privacy Shield Annual Review, October 18, 2017)

FreedomWorks

Blog post on rural broadband: Economic research intern Andrew Magloughlin wrote, “Microsoft recently unveiled its plan to close the rural-urban broadband gap with ‘Airband,’ a technology that delivers broadband through empty radiofrequency.” He added, “Airband will bring internet service to rural communities in six different states, a move widely seen as the first major investment in TV white space broadband.”(FREEDOMWORKS BLOG – Airband Will Close Rural Broadband Gap, By Andrew Magloughlin, October 14, 2017)

Information Technology Industry Council (ITI)

Statement on EU-US Privacy Shield annual review: Senior Vice President of Global Policy Josh Kallmer stated, “The Privacy Shield framework demonstrates that both industry and the U.S. government appropriately protect personal data, while providing the economic certainty for businesses to enter new markets, create jobs, and bolster economic growth.” He added that ITI “appreciate[s] the continuing support for Privacy Shield from both the U.S. Administration and European Commission, and look forward to working with our partners on both sides of the Atlantic to ensure it continues to work well.” (ITI STATEMENT – ITI Commends European Commission’s Validation of Privacy Shield, October 18, 2017)

Information Technology & Innovation Foundation (ITIF)

Report on counterintelligence: Intelligence analystDarren E. Tromblay discussed the concept of counterintelligence in a new report while examining “the role of the private sector in protecting its own intellectual assets.” He argued, “It is time for a new approach to the important function of counterintelligence outreach to the commercial sector. Such an approach must focus more on recognizing and responding to indicators of the threat, less on turning to investigators once the damage has already been done.”(ITIF REPORT – Protecting Partners or Preserving Fiefdoms? How to Reform Counterintelligence Outreach to Industry, By Darren E. Tromblay, October 16, 2017) (Additional: ITIF Press Release)

Statement on Microsoft Supreme Court case: Vice president Daniel Castro stated, “No matter how the case is decided, there are potential negative implications for U.S. competitiveness. If the court supports the use of search warrants to obtain data stored abroad, it will feed the perception that the best way to protect data from the prying eyes of the U.S. government is to store it abroad with a non-U.S. provider.” He added, “On the other hand, if the court rules that search warrants cannot be used overseas, foreign governments may try to force companies to store data within their borders to make it impossible for U.S. officials to execute a search warrant. This also damages U.S. tech competitiveness because barriers to the free flow of information impede digital innovation.” (ITIF STATEMENT – Supreme Court Decision to Hear U.S. v. Microsoft Creates Narrow Window For Much Needed Congressional Action, October 16, 2017)

New America

Op-ed on encryption: Policy counsel Robyn Greene argued, “The debate we should be having now is not how to water-down technology to meet law enforcement’s needs, but rather, how to ensure that law enforcement can adapt quickly and effectively as technology evolves.” She added, “For society to be truly fully-informed as Rosenstein urges, we must all be clear about the boundaries and protections of constitutional law, the limitations in conducting investigations that law enforcement has always faced, and the security risks and benefits to requiring an encryption backdoor.” (JUST SECURITY – Responsibility and the Encryption Debate: A Response to DAG Rosenstein, By Robyn Greene, October 17, 2017)

Comments on broadband deployment: The Open Technology Institute (OTI) “filed reply comments in the FCC’s proceeding to determine whether broadband is being deployed to all Americans in a reasonable and timely manner.” In the comments, OTI “urged the Commission to move quickly to finalize its vacant channel proceeding and ensure at least 18 megahertz (MHz) of unlicensed spectrum in TV White Spaces on a nationwide basis.” (NEW AMERICA PRESS RELEASE – OTI Submits Reply Comments to the FCC on Broadband Deployment, By Amir Nasr and Eric Null, October 13, 2017)

NOTABLE QUOTES

“If U.S. law enforcement can obtain the e-mails of foreigners stored outside the United States, what’s to stop the government of another country from getting your e-mails even though they are located in the United States?” Smith asked. “We believe that people’s privacy rights should be protected by the laws of their own countries, and we believe that information stored in the cloud should have the same protections as paper stored in your desk.”

“It’s true that Congress could amend the Stored Communications Act to make it clear that companies must comply with warrants such as the one in this case. But the Justice Department believes that the court can spare Congress the trouble by holding that information obtainable “with the click of a computer mouse” is subject to the law as it exists. We agree.”

“This is why it is imperative that Congress passes the ICPA to create a middle ground in which the government may obtain a warrant to access information stored in foreign servers only if certain conditions are met. Under the ICPA, the government can adequately prove that it has done everything in its capacity to prove the information it seeks is owned by a ‘U.S. person, a person physically located within the United States, or a national of a foreign country that has a law enforcement cooperation agreement with the United States.’”

“ICPA would not hamper the ability of officials to investigate international crimes. Rather, it would allow law enforcement to obtain communications from foreign nationals in a manner consistent with both American and international law.”

“[Microsoft’s warrant case] is not a constitutional question. This is a question of statuary interpretation, and bluntly stated, if Congress thinks the Supreme Court got it wrong, Congress can fix it.”

“With high court decisions looming in both Microsoft and Carpenter v. United States, another important digital age case, Congress would be wise to act now and pass this important legislation. The Supreme Court is the wrong forum for updating American law to reflect the rise of cloud computing.”

“[Deputy Attorney General Rod Rosenstein]’s agency badly miscalculated whom the public would side with when investigators chose to take the “Apple vs. FBI” fight public last year. Now, with “negotiations” with tech companies at a détente and public opinion of Silicon Valley becoming more hostile, the government sees its chance—one it’s long anticipated. So far, the public and Congress haven’t bought what the DOJ has been pushing. With tech giants falling into disfavor, that might finally change.”

“The intelligence agencies’ practices in relation to bulk data were previously found to be unlawful. After three years of litigation, just before the court hearing we learn not only are safeguards for sharing our sensitive data non-existent, but the government has databases with our social media information and is potentially sharing access to this information with foreign governments.”

“The FSB’s attempts to get access to personal correspondence is an attempt to expand its influence at the expense of citizens’ constitutional rights… until the FSB’s lawsuit will be heard by a judge that knows Russia’s principal law – its Constitution.”